One could quibble about whether study results based on PSI should be considered typical of the population at large. PSI users are probably ahead of the game in terms of concern for security, but it's a big enough population (they claim over 2 million users) that it's got to be useful to some degree, and the numbers seem plausible enough to me.

Many are pushing this story as saying that the average user (or the average Windows user) has to patch their system, on average, every 5 days. The study doesn't say that, but it sets people up to misinterpret it in that way by stating that a typical software portfolio of 89 products should expect 79 "patch actions" a year.

"Patch actions" is a Secunia term equivalent to the number of Secunia's own advisories. Consider last month's Microsoft Patch Tuesday, in which the company released 13 advisories covering 26 vulnerabilities. This counts as 13 patch actions to Secunia, but it's one patch event for the vast majority of users. Clearly the "every 5 days" average overstates the reality of patching for users.